If I mount a filesystem that's been part of another Ubuntu installation (systemB let's call it) how does my system (systemA) work out permissions? Specifically:

Does userA on my system get access to userA's files in the foreign filesystem from systemB just because they have the same name? Must the passwords match? That implies to me that the filesystem must store user+password together somewhere so they can travel with the filesystem.

What happens if there is a userB on systemB and no matching user on my system? Who can access his files from systemA? Can root?

1 Answer
1

Permissions are granted based on the user ID in /etc/password. The names are just a convenience. (BTW, that is also the way it is done on windows).

Example:

Local system 'A' had a disk with this setup:

Joe, uid 500
Jane, uid 501
Job, uid 502

Files created by Joe get user ID 500.

Now I move that disk to system 'B'
System B has two users:

Janette, uid 500
slartibartfast, uid 501
Mark, uid 599

Files which were owned by user 500 (Joe) on system 'A' will now be accesable by user 500 on system 'B'. The owner will be listed as 'Janette'

This is the main reason why people keep their UIDs the same on all systems they log into. Esp. when NFS is involved.

(To be complete: Fles owner by 'Jane' will now show up as owned by 'slartibartfast', and files owned by 'Job' will just be listed by ID 502, since there is not matching name.)

If you like an analogy, think of uids as social security numbers. Your name can change (e.g. when you marry), but that number will always be the same.

[Edited a bit to answer the questions directly]

If I mount a filesystem that's been part of another Ubuntu installation (systemB let's call it) how does my system (systemA) work out permissions?

The system works out permission by checking if the active user has rights on the file, or if the active user is in a group which has rights on that file. Everywhere I wrote active user you need to realise that the user is just a number. (The ID). And this ignores extra restrictions set by SE-Linux.

Specifically: Does userA on my system get access to userA's files in the foreign filesystem from systemB just because they have the same name?

No. Only if they have the same uid.

Must the passwords match?

No password checking it done when you access file. You authenticate once (when you log in). Afterward you have rights on files which you own or which are in the same groups you are in.

That implies to me that the filesystem must store user+password together somewhere so they can travel with the filesystem.

No password checking is done on accessing files, so this is not relevant.

What happens if there is a userB on systemB and no matching user on my system?

If there is no user with the same uid then it is not possible to translate the uid to a name. Thus the raw numeric value is show.